Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/upx@3.96-r0?arch=aarch64&distroversion=v3.24&reponame=community

Type apk

Namespace alpine

Name upx

Version 3.96-r0

Qualifiers

arch	aarch64
distroversion	v3.24
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.96-r1

Latest_non_vulnerable_version 4.0.2-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-djrw-eg8c-nqgr

vulnerability_id VCID-djrw-eg8c-nqgr

summary canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14296

reference_id

reference_type

scores

value	0.00366
scoring_system	epss
scoring_elements	0.58985
published_at	2026-06-11T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.59097
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14296

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933232
reference_id	933232
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933232

fixed_packages

url	pkg:apk/alpine/upx@3.96-r0?arch=aarch64&distroversion=v3.24&reponame=community
purl	pkg:apk/alpine/upx@3.96-r0?arch=aarch64&distroversion=v3.24&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@3.96-r0%3Farch=aarch64&distroversion=v3.24&reponame=community

aliases CVE-2019-14296

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-djrw-eg8c-nqgr

url VCID-dsn9-ms26-27f4

vulnerability_id VCID-dsn9-ms26-27f4

summary An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-20053

reference_id

reference_type

scores

value	0.00349
scoring_system	epss
scoring_elements	0.57807
published_at	2026-06-11T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57919
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-20053

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20053
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20053

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947471
reference_id	947471
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947471

fixed_packages

url	pkg:apk/alpine/upx@3.96-r0?arch=aarch64&distroversion=v3.24&reponame=community
purl	pkg:apk/alpine/upx@3.96-r0?arch=aarch64&distroversion=v3.24&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@3.96-r0%3Farch=aarch64&distroversion=v3.24&reponame=community

aliases CVE-2019-20053

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dsn9-ms26-27f4

url VCID-vcx3-kx6z-yfde

vulnerability_id VCID-vcx3-kx6z-yfde

summary A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-20021

reference_id

reference_type

scores

value	0.00324
scoring_system	epss
scoring_elements	0.55869
published_at	2026-06-11T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55989
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-20021

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20021
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20021

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947471
reference_id	947471
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947471

fixed_packages

url	pkg:apk/alpine/upx@3.96-r0?arch=aarch64&distroversion=v3.24&reponame=community
purl	pkg:apk/alpine/upx@3.96-r0?arch=aarch64&distroversion=v3.24&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@3.96-r0%3Farch=aarch64&distroversion=v3.24&reponame=community

aliases CVE-2019-20021

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vcx3-kx6z-yfde

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@3.96-r0%3Farch=aarch64&distroversion=v3.24&reponame=community

Package Instance